...
We just have to paste the output of the .pem file into the tls.crt field and the output of the .key file into the tls.key field.
Create an Ingress with Basic Authentication
Authentication is not enabled by default for kubectl and Helm installations. In these steps, you’ll learn how to create an Ingress with basic authentication using annotations for the nginx ingress controller. Let's start by creating a basic auth file auth (it’s important the file generated is named auth, otherwise the Ingress returns a 503)
| Code Block |
|---|
| language | bash |
|---|
| title | auth |
|---|
| collapse | true |
|---|
|
$ USER=<USERNAME>; PASSWORD=<PASSWORD>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
# For instance
$ USER=foo; PASSWORD=bar; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
$ cat auth
foo:$apr1$FnyKCYKb$6IP2C45fZxMcoLwkOwf7k0 |
Then, create a secret
| Code Block |
|---|
| language | bash |
|---|
| title | Create secret |
|---|
| collapse | true |
|---|
|
$ kubectl -n <namespace> create secret generic basic-auth --from-file=auth
secret/basic-auth created |
Finally, add the following annotations in the ingress resource manifest above. In this way, when you connect via browser, a pop-up will appear, in which you can enter your previously chosen user and password.
| Code Block |
|---|
| language | yml |
|---|
| title | Add annotations |
|---|
| collapse | true |
|---|
|
metadata:
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# prevent the controller from redirecting (308) to HTTPS
nginx.ingress.kubernetes.io/ssl-redirect: 'false'
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required '
# custom max body size for file uploading like backing image uploading
nginx.ingress.kubernetes.io/proxy-body-size: 10000m |